Move gnss to each device sepolicy folder
Bug: 312322769 Test: make sepolicy Change-Id: Iaeb079415d1a1b8c71dc72dde559dd2ad21c3886
This commit is contained in:
Wilson Sung
parent
9c71cd3f28
commit
ba2198d953
37 changed files with 179 additions and 23 deletions
|
|
@ -1,5 +1,2 @@
|
||||||
# sepolicy that are shared among devices using ZumaPro
|
# sepolicy that are shared among devices using ZumaPro
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/caiman
|
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/caiman
|
||||||
|
|
||||||
# GPS sepolicy
|
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
|
|
||||||
|
|
|
||||||
|
|
@ -14,3 +14,14 @@
|
||||||
/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0
|
/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0
|
||||||
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
||||||
/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
|
/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
|
||||||
|
# GPS
|
||||||
|
/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_boot u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_dump u:object_r:vendor_gnss_device:s0
|
||||||
|
|
||||||
|
/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
|
||||||
|
/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
|
||||||
|
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
|
||||||
|
/vendor/bin/hw/spad u:object_r:spad_exec:s0
|
||||||
|
/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
|
||||||
|
/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
|
||||||
|
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
||||||
# GPS
|
|
||||||
/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
|
|
||||||
/dev/gnss_boot u:object_r:vendor_gnss_device:s0
|
|
||||||
/dev/gnss_dump u:object_r:vendor_gnss_device:s0
|
|
||||||
|
|
||||||
/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
|
|
||||||
/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
|
|
||||||
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
|
|
||||||
/vendor/bin/hw/spad u:object_r:spad_exec:s0
|
|
||||||
/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
|
|
||||||
/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
|
|
||||||
|
|
@ -1,5 +1,2 @@
|
||||||
# sepolicy that are shared among devices using ZumaPro
|
# sepolicy that are shared among devices using ZumaPro
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/komodo
|
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/komodo
|
||||||
|
|
||||||
# GPS sepolicy
|
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
|
|
||||||
|
|
|
||||||
|
|
@ -14,3 +14,14 @@
|
||||||
/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0
|
/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0
|
||||||
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
||||||
/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
|
/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
|
||||||
|
# GPS
|
||||||
|
/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_boot u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_dump u:object_r:vendor_gnss_device:s0
|
||||||
|
|
||||||
|
/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
|
||||||
|
/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
|
||||||
|
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
|
||||||
|
/vendor/bin/hw/spad u:object_r:spad_exec:s0
|
||||||
|
/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
|
||||||
|
/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
|
||||||
|
|
|
||||||
9
komodo/gnss_check.te
Normal file
9
komodo/gnss_check.te
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
type gnss_check, domain;
|
||||||
|
type gnss_check_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
init_daemon_domain(gnss_check);
|
||||||
|
|
||||||
|
allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
|
||||||
|
|
||||||
|
set_prop(gnss_check, ctl_stop_prop);
|
||||||
|
set_prop(gnss_check, ctl_start_prop);
|
||||||
23
komodo/gnssd.te
Normal file
23
komodo/gnssd.te
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
type gnssd, domain;
|
||||||
|
type gnssd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(gnssd);
|
||||||
|
|
||||||
|
# Allow gnssd to access rild
|
||||||
|
binder_call(gnssd, rild);
|
||||||
|
# binder_call(gnssd, hwservicemanager)
|
||||||
|
allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
|
||||||
|
allow gnssd radio_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow gnssd to acess gnss device
|
||||||
|
allow gnssd vendor_gnss_device:chr_file rw_file_perms;
|
||||||
|
allow gnssd vendor_gps_file:dir create_dir_perms;
|
||||||
|
allow gnssd vendor_gps_file:file create_file_perms;
|
||||||
|
allow gnssd vendor_gps_file:fifo_file create_file_perms;
|
||||||
|
|
||||||
|
get_prop(gnssd, bootanim_system_prop)
|
||||||
|
|
||||||
|
# Allow gnssd to obtain wakelock
|
||||||
|
wakelock_use(gnssd)
|
||||||
|
|
||||||
|
# Allow a base set of permissions required for network access.
|
||||||
|
net_domain(gnssd);
|
||||||
3
komodo/hal_gnss_default.te
Normal file
3
komodo/hal_gnss_default.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
binder_call(hal_gnss_default, gnssd);
|
||||||
|
|
||||||
|
allow hal_gnss_default gnssd:unix_stream_socket connectto;
|
||||||
1
komodo/rild.te
Normal file
1
komodo/rild.te
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
binder_call(rild, gnssd)
|
||||||
3
komodo/sctd.te
Normal file
3
komodo/sctd.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type sctd, domain;
|
||||||
|
type sctd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(sctd);
|
||||||
3
komodo/spad.te
Normal file
3
komodo/spad.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type spad, domain;
|
||||||
|
type spad_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(spad);
|
||||||
3
komodo/swcnd.te
Normal file
3
komodo/swcnd.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type swcnd, domain;
|
||||||
|
type swcnd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(swcnd);
|
||||||
|
|
@ -1,5 +1,2 @@
|
||||||
# sepolicy that are shared among devices using ZumaPro
|
# sepolicy that are shared among devices using ZumaPro
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrent24
|
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrent24
|
||||||
|
|
||||||
# GPS sepolicy
|
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
|
|
||||||
|
|
|
||||||
|
|
@ -42,3 +42,14 @@
|
||||||
/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0
|
/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0
|
||||||
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
||||||
/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
|
/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
|
||||||
|
# GPS
|
||||||
|
/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_boot u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_dump u:object_r:vendor_gnss_device:s0
|
||||||
|
|
||||||
|
/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
|
||||||
|
/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
|
||||||
|
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
|
||||||
|
/vendor/bin/hw/spad u:object_r:spad_exec:s0
|
||||||
|
/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
|
||||||
|
/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
|
||||||
|
|
|
||||||
9
ripcurrent24/gnss_check.te
Normal file
9
ripcurrent24/gnss_check.te
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
type gnss_check, domain;
|
||||||
|
type gnss_check_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
init_daemon_domain(gnss_check);
|
||||||
|
|
||||||
|
allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
|
||||||
|
|
||||||
|
set_prop(gnss_check, ctl_stop_prop);
|
||||||
|
set_prop(gnss_check, ctl_start_prop);
|
||||||
23
ripcurrent24/gnssd.te
Normal file
23
ripcurrent24/gnssd.te
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
type gnssd, domain;
|
||||||
|
type gnssd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(gnssd);
|
||||||
|
|
||||||
|
# Allow gnssd to access rild
|
||||||
|
binder_call(gnssd, rild);
|
||||||
|
# binder_call(gnssd, hwservicemanager)
|
||||||
|
allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
|
||||||
|
allow gnssd radio_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow gnssd to acess gnss device
|
||||||
|
allow gnssd vendor_gnss_device:chr_file rw_file_perms;
|
||||||
|
allow gnssd vendor_gps_file:dir create_dir_perms;
|
||||||
|
allow gnssd vendor_gps_file:file create_file_perms;
|
||||||
|
allow gnssd vendor_gps_file:fifo_file create_file_perms;
|
||||||
|
|
||||||
|
get_prop(gnssd, bootanim_system_prop)
|
||||||
|
|
||||||
|
# Allow gnssd to obtain wakelock
|
||||||
|
wakelock_use(gnssd)
|
||||||
|
|
||||||
|
# Allow a base set of permissions required for network access.
|
||||||
|
net_domain(gnssd);
|
||||||
3
ripcurrent24/hal_gnss_default.te
Normal file
3
ripcurrent24/hal_gnss_default.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
binder_call(hal_gnss_default, gnssd);
|
||||||
|
|
||||||
|
allow hal_gnss_default gnssd:unix_stream_socket connectto;
|
||||||
1
ripcurrent24/rild.te
Normal file
1
ripcurrent24/rild.te
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
binder_call(rild, gnssd)
|
||||||
3
ripcurrent24/sctd.te
Normal file
3
ripcurrent24/sctd.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type sctd, domain;
|
||||||
|
type sctd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(sctd);
|
||||||
3
ripcurrent24/spad.te
Normal file
3
ripcurrent24/spad.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type spad, domain;
|
||||||
|
type spad_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(spad);
|
||||||
3
ripcurrent24/swcnd.te
Normal file
3
ripcurrent24/swcnd.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type swcnd, domain;
|
||||||
|
type swcnd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(swcnd);
|
||||||
|
|
@ -1,5 +1,2 @@
|
||||||
# sepolicy that are shared among devices using ZumaPro
|
# sepolicy that are shared among devices using ZumaPro
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/tokay
|
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/tokay
|
||||||
|
|
||||||
# GPS sepolicy
|
|
||||||
BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss
|
|
||||||
|
|
|
||||||
|
|
@ -10,3 +10,14 @@
|
||||||
/dev/lwis-sensor-boitata u:object_r:lwis_device:s0
|
/dev/lwis-sensor-boitata u:object_r:lwis_device:s0
|
||||||
/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0
|
/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0
|
||||||
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
|
||||||
|
# GPS
|
||||||
|
/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_boot u:object_r:vendor_gnss_device:s0
|
||||||
|
/dev/gnss_dump u:object_r:vendor_gnss_device:s0
|
||||||
|
|
||||||
|
/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
|
||||||
|
/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
|
||||||
|
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
|
||||||
|
/vendor/bin/hw/spad u:object_r:spad_exec:s0
|
||||||
|
/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
|
||||||
|
/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
|
||||||
|
|
|
||||||
9
tokay/gnss_check.te
Normal file
9
tokay/gnss_check.te
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
type gnss_check, domain;
|
||||||
|
type gnss_check_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
||||||
|
init_daemon_domain(gnss_check);
|
||||||
|
|
||||||
|
allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
|
||||||
|
|
||||||
|
set_prop(gnss_check, ctl_stop_prop);
|
||||||
|
set_prop(gnss_check, ctl_start_prop);
|
||||||
23
tokay/gnssd.te
Normal file
23
tokay/gnssd.te
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
type gnssd, domain;
|
||||||
|
type gnssd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(gnssd);
|
||||||
|
|
||||||
|
# Allow gnssd to access rild
|
||||||
|
binder_call(gnssd, rild);
|
||||||
|
# binder_call(gnssd, hwservicemanager)
|
||||||
|
allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
|
||||||
|
allow gnssd radio_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow gnssd to acess gnss device
|
||||||
|
allow gnssd vendor_gnss_device:chr_file rw_file_perms;
|
||||||
|
allow gnssd vendor_gps_file:dir create_dir_perms;
|
||||||
|
allow gnssd vendor_gps_file:file create_file_perms;
|
||||||
|
allow gnssd vendor_gps_file:fifo_file create_file_perms;
|
||||||
|
|
||||||
|
get_prop(gnssd, bootanim_system_prop)
|
||||||
|
|
||||||
|
# Allow gnssd to obtain wakelock
|
||||||
|
wakelock_use(gnssd)
|
||||||
|
|
||||||
|
# Allow a base set of permissions required for network access.
|
||||||
|
net_domain(gnssd);
|
||||||
3
tokay/hal_gnss_default.te
Normal file
3
tokay/hal_gnss_default.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
binder_call(hal_gnss_default, gnssd);
|
||||||
|
|
||||||
|
allow hal_gnss_default gnssd:unix_stream_socket connectto;
|
||||||
1
tokay/rild.te
Normal file
1
tokay/rild.te
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
binder_call(rild, gnssd)
|
||||||
3
tokay/sctd.te
Normal file
3
tokay/sctd.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type sctd, domain;
|
||||||
|
type sctd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(sctd);
|
||||||
3
tokay/spad.te
Normal file
3
tokay/spad.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type spad, domain;
|
||||||
|
type spad_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(spad);
|
||||||
3
tokay/swcnd.te
Normal file
3
tokay/swcnd.te
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
type swcnd, domain;
|
||||||
|
type swcnd_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
init_daemon_domain(swcnd);
|
||||||
Loading…
Add table
Add a link
Reference in a new issue